author | ThibG <thib@sitedethib.com> | 2017-11-15 01:53:33 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-11-15 01:53:33 +0100 |
commit | 58bca7b1e43b4ceef58dae719071d76ca41582aa (patch) | |
tree | 7a13ccda9f9f6ecae3b1dfa3bb682403ce81912c | |
parent | 1c25853842075f88e3b6ed28decba3907d548f2e (diff) |
Filter searched toots to be consistent with blocking behaviors (#5383)
-rw-r--r-- | app/controllers/api/v1/search_controller.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index bc5b8e5d4..997eed6e2 100644
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class Api::V1::SearchController < Api::BaseController
+ include Authorization
+
 RESULTS_LIMIT = 5
 before_action -> { doorkeeper_authorize! :read }
@@ -9,12 +11,24 @@ class Api::V1::SearchController < Api::BaseController
 respond_to :json
 def index
- @search = Search.new(search_results)
+ @search = Search.new(search)
 render json: @search, serializer: REST::SearchSerializer
 end
 private
+ def search
+ search_results.tap do |search|
+ search[:statuses].keep_if do |status|
+ begin
+ authorize status, :show?
+ rescue Mastodon::NotPermittedError
+ false
+ end
+ end
+ end
+ end
+
 def search_results
 SearchService.new.call(
 params[:q], |
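Review bot: The visibility check in the new `search` method covers only `search[:statuses]` and lives in this controller, so any other key of the result hash, and any other caller of `SearchService` (none is visible in this diff), would still get unfiltered results. If the service is reachable from elsewhere, applying the `authorize status, :show?` filter inside the service would keep the blocking rule in one place. The `keep_if` block depends on `authorize` returning a truthy value on success and treats only `Mastodon::NotPermittedError` as a denial; a comment such as `# keep the status only if the current user may see it; a denial drops it silently` would document that intent. As a style point, the block parameter `search` shadows the method name, and `results` would read more clearly. `search_results` continues past the end of the hunk, so the shape of the hash it returns (for example, whether `:statuses` is always an array) cannot be confirmed from here.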